EU AI Act high-risk obligations take effect August 2, 2026. Penalties reach 7% of global revenue or €35M. The high-risk classifications include AI agents in employment, credit scoring, law enforcement, education, and essential services. Centurian generates court-defensible audit reports covering automated record-keeping, continuous risk assessment, transparency, human oversight, and post-market monitoring — from deploy-day zero, on every registered agent, regardless of vendor.
The 7 high-risk obligations
[ ART_9 / RISK_MGMT ]
Continuous risk identification and mitigation across the AI system lifecycle. Centurian: trajectory eval + anomaly clustering + framework Red/Amber/Green per agent.
[ ART_10 / DATA_GOV ]
Training, validation, testing data quality. Centurian: data lineage attestation, signed dataset versions, Ed25519-anchored.
[ ART_11 / TECH_DOC ]
Technical documentation maintained throughout system lifecycle. Centurian: registration carries declared attributes + agent-card; updated continuously.
[ ART_12 / RECORD_KEEPING ]
Automated logging of system operation. Centurian: bitemporal evidence chain, every action signed, retained >10 years for high-risk.
[ ART_13 / TRANSPARENCY ]
User information, instructions for use. Centurian: framework attestation surface visible to operators, three-tier RBAC lenses.
[ ART_14 / HUMAN_OVERSIGHT ]
Effective human oversight throughout use. Centurian: 5 high-privilege actions gated by step-up MFA; Default-OFF autonomous mode; exception queue with override.
Post-market monitoring system. Centurian: cross-vendor unified audit trail + Multi-rail Cost on every action + agent.attestation.expired spine events.
Cross-vendor unified audit
Most enterprises run high-risk AI agents on six platforms. The EU AI Act report covers all of them or it covers none of them. Centurian writes one audit row per action regardless of vendor — agent identity, owner, platform, framework, rule, verdict, hash — and generates one report. Auditors get one document. Compliance officers get one source of truth. The penalty is 7% of global revenue if the wrong agent slips through; the answer is one spine.
FAQ
When does the EU AI Act take effect?
+
EU AI Act high-risk obligations take effect August 2, 2026. Earlier obligations on prohibited AI practices and general-purpose AI rules took effect through 2025. Penalties for non-compliance with the high-risk obligations reach 7% of global annual revenue or €35 million, whichever is higher.
What does the EU AI Act require for high-risk AI systems?
+
Risk management system, data governance, technical documentation, automated record-keeping (continuous logging), transparency, human oversight, accuracy and robustness measures, and post-market monitoring. Each obligation must be demonstrable on demand. The records must be tamper-evident and retained for at least 10 years for many high-risk classifications.
How does Centurian help with EU AI Act compliance?
+
The EU AI Act framework is distributed via Centurian's Prove product as a versioned, signed, attributable schema. Every action on every registered agent writes a bitemporal evidence row with cryptographic hashes. Continuous trajectory evaluation covers accuracy and robustness. Multi-rail Cost satisfies post-market monitoring on resource consumption. The Govern product enforces human oversight via step-up MFA on high-privilege actions. One-click report generation produces auditor-ready PDFs (Ed25519-signed) plus structured JSON.
What does 'Default-OFF for EU AI Act' mean in Centurian?
+
Centurian's Autonomous-Narrow operator mode (v0.3.0) is Default-OFF for the EU AI Act framework. Customer admins must opt in per framework, with sign-off required. The opt-in carries a quality floor on the eval suite, an explicit kill-switch propagation SLO of 30 seconds, and a public dogfood report on Centurian running the same mode internally. The default-off posture matches the EU AI Act's human-oversight obligation.
Can a single audit cover agents from multiple vendors?
+
Yes. Cross-vendor unified audit trail is a Centurian core capability. Agents on Salesforce Agentforce, AWS Bedrock, Microsoft Foundry, Google Vertex, Copilot Studio, and custom code all write to one bitemporal data spine. The audit report covers every agent regardless of vendor — the regulatory artifact is one document, not six.
What about GDPR Article 22 in conjunction with the EU AI Act?
+
GDPR Article 22 grants data subjects the right not to be subject to a decision based solely on automated processing. Centurian's Govern product wires a human-override path: any action flagged under Article 22 routes through the exception queue with mandatory human acknowledgment, and the override is recorded in the audit trail. The GDPR Article 22 framework is paired with EU AI Act framework execution.